Security Infusion
An agent-based solution for IT operations and security management providing Data Analytics and Machine Learning applied at the edge.
The business need
Abstraction and Convergence of ICT infrastructure completely transformed corporate assets while cloud and mobility are multiplying operational challenges. Cyber security is omnipresent as data and information are growing in value; cyber threats are the norm, not the extraordinary. IT security is now an integral part of business operations and not a fringe area of technological particularities.
Features
- Configurable agents , controlled by a central manager, with very small footprint.
- Real time monitoring and alerting of important hosts, services and security status.
- Real time security assessment based on process profiling, rule-based intrusion detection and ML techniques.
- Licensing per monitored node/installed agent.
- UI supports two type of users ( watchers, admins).
The Stack:
Security Infusion is an agent-based solution collecting, analyzing and visualizing information for the operations and security status of an organization’s IT resources. The application runs also regular agent-independent scans of the managed infrastructure, namely port scanning and vulnerability assessment, providing reports and remedy proposals for the issues it detects. From a logical architecture perspective, the application realizes its functions through the following components:
Infusion Agents • Infusion Edge Manager • Infusion Web Interface
Inventory
Port Scanning
Monitoring
Vulnerability Assessment
Analytics
Event Analyzer
Forensic Analysis
Inventory
Port Scanning
Monitoring
Vulnerability Assessment
Analytics
Event Analyzer
Forensic Analysis
Inventory
Inventory of Licensed Nodes
(having the Infusion Agent installed and running).
- Hardware Assets.
- Software Assets.
- Internal Storage.
- Network.
Infusion Inventory sets the base for the proper asset management of the underlying infrastructure.
Port Scanning
Ip-based, agent-independent overview of the LAN’s devices services.
- Inspection of open ports.
- Detection & Assessment the relative operating network services.
Infusion port scanning offers a thorough depiction of the activity inside the local network from an external approach, adding another level of situational awareness.
Monitoring
Agent-based Nodes monitoring.
Hosts (nodes with agents installed) & services running on them.
- Host Status.
- Service Status.
- Alerts (email & Slack).
Infusion Host monitoring provides operational awareness of the basic infrastructure elements and their services along with early warning in case of downtime or other critical status level.
Vulnerability Assessment
Detection of common cybersecurity vulnerabilities.
Agent-based assessment built around specific operational requirements and policies along with publicly known and reported vulnerability issues (i.e. CVE® lists).
- Operating System level vulnerabilities.
- Services Level Vulnerabilities (http, smtp, etc.).
- Report Generation.
Infusion Vulnerability Assessment provides the administrator with essential information on the Nodes (agent hosts) status enabling them to get insight, impact assessment and proposed solutions about soft points in their infrastructure.
Analytics
Nodes profiling and performance management.
- System Profiling.
- Processes analysis.
- Performance Visualization.
Infusion Analytics combines details about the status of the infrastructure with a data fusion overview approach through the Black Hat scoring scale (black hat = hacker) for each node hosting an agent. The lowest the score for a node (host) the better. Details concerning each node’s assets and operation are broken down and visualized accordingly through intuitive UI.
Event Analyzer
Surveillance and data gathering for events on all aspects of systems (hosts) activity including file integrity monitoring, log monitoring, rootcheck, and process monitoring.
- Log analysis.
- File integrity.
- Windows registry monitoring.
- Rootkit detection.
- Support and protection on multiple operating systems.
Infusion event analyzer is built on open components (i.e. OSSEC toolkit) gathering relative operational data and triggers rule based alerts enabling active response where needed.
Forensic Analysis
Real time or historical snapshots of the hosts with detailed analysis on processes and features.
- System Score.
- Status details.
- Handles details.
- Connections details.
- General system info.
Infusion forensic analysis instigates the ability to preserve, identify, recover, analyze and present facts concerning events and their impact in operational capability.
1. Inventory
Inventory of Licensed Nodes
(having the Infusion Agent installed and running).
- Hardware Assets.
- Software Assets.
- Internal Storage.
- Network.
Infusion Inventory sets the base for the proper asset management of the underlying infrastructure.
2. Port Scaning
Ip-based, agent-independent overview of the LAN’s devices services.
- Inspection of open ports.
- Detection & Assessment the relative operating network services.
Infusion port scanning offers a thorough depiction of the activity inside the local network from an external approach, adding another level of situational awareness.
3. Monitoring
Agent-based Nodes monitoring.
Hosts (nodes with agents installed) & services running on them.
- Host Status.
- Service Status.
- Alerts (email & Slack).
Infusion Host monitoring provides operational awareness of the basic infrastructure elements and their services along with early warning in case of downtime or other critical status level.
4. Vulnerabilities assessment
Detection of common cybersecurity vulnerabilities.
Agent-based assessment built around specific operational requirements and policies along with publicly known and reported vulnerability issues (i.e. CVE® lists).
- Operating System level vulnerabilities.
- Services Level Vulnerabilities (http, smtp, etc.).
- Report Generation.
Infusion Vulnerability Assessment provides the administrator with essential information on the Nodes (agent hosts) status enabling them to get insight, impact assessment and proposed solutions about soft points in their infrastructure.
5. Analytics
Nodes profiling and performance management.
- System Profiling.
- Processes analysis.
- Performance Visualization.
Infusion Analytics combines details about the status of the infrastructure with a data fusion overview approach through the Black Hat scoring scale (black hat = hacker) for each node hosting an agent. The lowest the score for a node (host) the better. Details concerning each node’s assets and operation are broken down and visualized accordingly through intuitive UI.
6. Event analyser
Surveillance and data gathering for events on all aspects of systems (hosts) activity including file integrity monitoring, log monitoring, rootcheck, and process monitoring.
- Log analysis.
- File integrity.
- Windows registry monitoring.
- Rootkit detection.
- Support and protection on multiple operating systems.
Infusion event analyzer is built on open components (i.e. OSSEC toolkit) gathering relative operational data and triggers rule based alerts enabling active response where needed.
7. Forensic Analysis
Real time or historical snapshots of the hosts with detailed analysis on processes and features.
- System Score.
- Status details.
- Handles details.
- Connections details.
- General system info.
Infusion forensic analysis instigates the ability to preserve, identify, recover, analyze and present facts concerning events and their impact in operational capability.
Information Technology
for Market Leadership
© 2020 All Rights Reserved.